switch from ip_conntrack to nf_conntrack

Henrik Nordstrom henrik at henriknordstrom.net
Fri Feb 23 00:54:21 CET 2007


On Wed 2007-02-21 at 08:58 +0100, Thomas Mader wrote:
> Hello everybody,
> 
> we wrote a kernelspace module which uses the now deprecated
> ip_conntrack API and we are trying to switch to the new nf_conntrack
> but this seems to be a little bit more problematic than we thought
> first.
> What we want is to build a nf_conntrack_tuple to get the hash for an
> existing connection and finally the id of the connection.

Looking at your code I don't quite get why you need to build the tuple
again or ask for the conntrack hash lookup. Aren't you looking for the
conntrack associated with the packet sent to the match function? If so,
just ask for it with nf_ct_get(), as it's already associated with the
sk_buff and there is no need to look it up in the conntrack hash. To keep a
reference outside the match function scope, use
nf_conntrack_get/nf_conntrack_put to maintain the lock count. While you
are inside the match function the conntrack is locked by the sk_buff.

Regards
Henrik
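
A userspace model of the reference rule described in the reply above, as an added example that is not part of the original message and is not kernel code. The `model_*` types and functions are simplified stand-ins assumed here for nf_ct_get() and nf_conntrack_get/nf_conntrack_put, and the sample connection is constructed.

```c
#include <stdio.h>

/* Constructed userspace model: simplified stand-ins, not the kernel's
 * definitions from <net/netfilter/nf_conntrack.h>. */
struct model_conntrack { int use; int destroyed; };
struct model_conn { struct model_conntrack ct_general; unsigned int id; };
struct model_skb { struct model_conntrack *nfct; };

/* Models nf_conntrack_get(): take one more reference. */
static void model_conntrack_get(struct model_conntrack *nfct)
{
    nfct->use++;
}

/* Models nf_conntrack_put(): drop a reference, destroy on the last one. */
static void model_conntrack_put(struct model_conntrack *nfct)
{
    if (--nfct->use == 0)
        nfct->destroyed = 1;    /* the kernel would free the entry here */
}

/* Models nf_ct_get(): the entry is already attached to the packet. */
static struct model_conn *model_ct_get(const struct model_skb *skb)
{
    return (struct model_conn *)skb->nfct;   /* ct_general is first member */
}

/* Match-function model; keep != 0 means the pointer outlives the call. */
static struct model_conn *model_match(const struct model_skb *skb, int keep)
{
    struct model_conn *ct = model_ct_get(skb);   /* no hash lookup needed */

    if (ct && keep)
        model_conntrack_get(&ct->ct_general);
    return ct;
}

/* Returns 1 if the saved entry is still valid after the packet is freed. */
int saved_entry_survives(int keep)
{
    struct model_conn conn = { { 1, 0 }, 42 };   /* skb holds the only ref */
    struct model_skb skb = { &conn.ct_general };
    struct model_conn *saved = model_match(&skb, keep);

    model_conntrack_put(skb.nfct);               /* packet is freed */
    int alive = !saved->ct_general.destroyed;
    if (keep)
        model_conntrack_put(&saved->ct_general); /* our own release */
    return alive;
}

int main(void)
{
    printf("with get: %d, without: %d\n",
           saved_entry_survives(1), saved_entry_survives(0));
    return 0;
}
```

In the model, a pointer kept past the match call without its own reference refers to an entry that is already destroyed once the packet is freed, which in the kernel would be a use-after-free.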